Sebastopol, CA—Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. The recipes in the Web Security Testing Cookbook (O'Reilly Media, $39.99 USD) demonstrate how developers and testers can check for the most common web security issues, while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic-perfect for integrating into your regular test suite.

The recipes in this new title cover the basics from observing messages between clients and servers to multi-phase tests that script the login and execution of web application features. By the end of the book, you'll be able to build tests pinpointed at Ajax functions, as well as large multi-step tests for the usual suspects: cross-site scripting and injection attacks.

Understand how your application communicates with users, so you can better simulate attacks in your tests

Choose from many different methods that simulate common attacks such as SQL injection, cross-site scripting, and manipulating hidden form fields

Make your tests repeatable by using the scripts and examples in the recipes as starting points for automated tests

Don't live in dread of the midnight phone call telling you that your site has been hacked. With Web Security Testing Cookbook and the free tools used in the book's examples, you can incorporate security coverage into your test suite, and sleep in peace.

Advance Praise:
"Great real-life examples throughout make the theory come alive and make the attacks compelling."
--Lee Copeland, Program Chair StarEast and StarWest Testing Conferences

"Finally, a plain-sense handbook for testers that teaches the mechanics of security testing. Belying the usability of the 'recipe' approach, this book actually arms the tester to find vulnerabilities that even some of the best known security tools can't find."
--Matt Fisher, Founder and CEO Piscis LLCv

For a review copy or more information please email maryr@oreilly.com. Please include your delivery address and contact information.

Paco Hope is a Technical Manager with Cigital. His areas of expertise software security, security testing, and casino gaming. He specializes in analyzing the security of software, software systems, and software development processes.
Paco frequently speaks at conferences such as the Better Software Conference, STAR East, and STAR West. He conducts training on risk-based security testing, writing security requirements, and software security fundamentals. He can be reached at paco@cigital.com.

Ben Walther is a consultant at Cigital and contributor to the Edit Cookies tool. He has a hand in both normal Quality Assurance and Software Security. Day to day, he designs and executes tests, so he understands the need for simple recipes in the hectic QA world.

Additional Resources:
For more information about the book, including table of contents, index, author bios, and cover graphic, see the catalog page for Web Security Testing Cookbook.

About O'Reilly

O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying "faint signals" from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.